Esports & Computer Security Blog. For SC2 tournaments see clocks immediately below. Starts with Korean time at upper left, moves west around the world till you end with PDT/PST clock for Anaheim USA. I earn a small referral fee if you click the occasional Amazon links and then purchase item. It does not affect the purchase price. For more information see "Amazon Associates" link below & left of clocks.

There are many important components to good passwords, and I suggest reading his article, but if your not going to, I would say the 2 key points to a strong enough password for most of us are the following.

First, Password Length, size matters!

[Thinking of it that way will ensure you remember that important fact.]

"The use of every type of character forces the attacker to search through
the largest possible space. We must always assume that an attacker is
as smart as possible (and most are). So, knowing that 41.69% of all
passwords consist of only lowercase alphabetic characters, a smart
attacker who is forced to resort to a brute force search won't initially
bother spending time guessing passwords that contain uppercase, digits
and symbols. Only after an all lowercase search out to some length has
failed will an attacker decide that the unknown target password must
contain additional types of characters.

So, in essence, by deliberately using at least one of each type of character, we are forcing the attacker to search the largest possible password space, because our password won't ever be found in any of the smaller spaces."

An excellent article, titled "The Rules of Computing" from a Computer Security blog I follow, it is Mac focused, but the information, aside from Mac specific software, applies to all computers, including Smart Phones!

A lot of people don't realize that smart phones are computers, with additional vulnerabilities added, and that it takes a certainly baseline skillset to operate them without undue security risks.

Especially with the Android platform, since it is less tied down, and far more open, much like computers.

I wonder if there may be a real job opportunity for Nerds to get into Android Security?

Full article at Blizzard link above, covers "Hotfixes, Upcoming Patch, and Ongoing Issues"; also says that due to the problems people have had staying on Bnet servers & etc that they are postponing the opening of the Real Money Auction House (RMAH) for D3, they also cover "Battle.net®/Diablo III Security Concerns" which fits with what I have blogged already about here(includes link to Blizz to open ticket if account is hacked) & here, but below are some direct quotes of critical sections about Bnet/D3 security from Blizzards current article linked at top:

...the number of Diablo III players who've contacted customer service to report a potential compromise of their personal account has been extremely small. In all of the individual Diablo III-related compromise cases we've investigated, none have occurred after a physical Battle.net Authenticator or Battle.net Mobile Authenticator app was attached to the player's account, and we have yet to find any situation where a Diablo III player's account was accessed outside of "traditional" compromise methods (i.e. someone logging using an account's login email and password).

also

...we've also seen discussions regarding the possibility of account compromises occurring in ways that didn’t involve these "traditional" methods -- for example, by "session spoofing" a player’s identity after he or she joins a public game. Regarding this specific example, we've looked into the issue and found no evidence to indicate compromises are occurring in this fashion, and we've determined the methods being suggested to do so are technically impossible. However, you have our assurance that we’ll continue to investigate reports such as these and keep you informed of important updates.

and

The best defense against account theft still includes smart password management (e.g. using a unique password for every site/service and keeping your password to yourself) and scanning for malware and viruses regularly, as well as following additional preventative steps found here. In the end, while no security method is 100% foolproof, the physical Battle.net Authenticator and Battle.net Mobile Authenticator app are great ways to provide your account with an extra layer of protection.

I hope that helps, you can click on the Diablo 3Label, to see all of my Blog posts on D3, you can find that Label and select others in the Labels cloud at left side of the Blog. Every blog post will also have Label(s) at bottom left of post.

The point of using these is that most Malware isn't designed to run on Linux, and the Live CD runs separated from the computer in many ways.

Bear in mind many of these people that Brian Krebs talks about lost $100k or more in money! So they were and are taking this very seriously, and more than a couple were using two factor authentication, lot of banks require than for customers that have large amounts of money.

But with malware on your computer, they can block or delay your log in and use the authentication that you enter to log in.

According to Blizzard, any time they release a new game, like Diablo 3, or when they release an expansion, there is an increase in the number of accounts reported being Hacked.

There are lots of reasons for this, but here some basic things you can do to help prevent this, these are things you should be doing to reduce your risk from these types of problem in general (ie internet banking, internet buying, etc).

First make sure your Operating System (OS) is up to date (as security problems are found, they are fixed, you need these to help keep hackers out, it is like getting a broken lock on your house door fixed), if your not sure see these links:

I can't recommend any other free ones at this time, I have been using Security Essentials for some time now since having serious problems with a different free product.

I haven't yet used the Sophos product, because I don't have a Mac yet, but I will be getting a Mac in a few weeks, and Sophos' AntiMalware is what my research leads me to use, I will report directly about that product in a future post.

Those two steps will do a lot to prevent a keylogger or something else bad from getting on your computer.

What that does it lets Blizzard send you a 2nd temporary password to use in addition to the password you picked, it is like needing two keys to open a vault or launch a nuke.

I have at least one friend that has using this for some time, and it saved his account from getting hacked when all his local gaming buddies accounts got hacked.

VOD below from Blizzard describes these products and how to use them.

Cliff recommends the Authenticator over the Moble Authenticator, because most of us will connect our phones to our computers at least some of the time, and if there is MalWare on the computer, it could infect the phone as well.

Friend of mine recently had that happen to his phone, his infected computer also infected his phone.

Or if you have MalWare on your phone, from App or something else, the Hackers might be able to access that 2nd password.

I REALLY recommend the Authenticator if you use a shared or public computer!!!!!!!

I know lot of gamers are computer geeks & hackers, but not all gamers are, I also know lot of computer geeks prefer Android to iPhone, but you may still have friends or family that use iPhone, or maybe you use iPad or iPod yourself for music.

Anyway, my gf has iPad, so I have been doing a lot of research on iOS security.

Found out some real interesting things about iOS security.

See this Elcomsoft pdf for details, they also cover several password keepers in detail in that pdf. Elcomsoft is a company that build hacking software and tools for governments and police agencies.

If your using an iPhone 4S or iPad2 or newer (ie A5 or newer chip), and use a strong password and lock the iOS device, your pretty darn secure.

Though iPhone 3GS & current gen iPod touch are fairly secure, they can be hacked by companies like Elcomsoft, or people using tools made by those types of companies from what I understand currently.

Apple may have a backdoor, but if they do it has not made news yet, you also need to be careful what you put on the iCloud, cause Apple states in EULA & etc for iCloud that they can view and even delete data from there.

There are password keepers that encrypt on the device but use iCloud or Dropbox for syncing and backup of encrypted data.

Only problem I have found is that there is a Bug that can prevent iOS device from encrypting data if it shipped with iOS 3.0

Thursday, May 17, 2012

This episode of Pro Corner we have zergs col.Goswser and Fitzy on to
discuss ZvT. They will be doing a dual coaching format where each player
will take turns walking us through a live game while the other "looks
over their shoulder" with comments and critiques. The last 15-20 mins
will be saved for view Q&A where you guys can ask col.Goswser and
Fitzy any of your questions via skype call in or stream chat. These 2
guys are alot of fun so don't miss out!

I don't claim to be a Computer Security expert, but ever since my old XP machine got infested with malware after installing free AVG I have been very picky about what AV (AntiVirus) software I install.

If I felt halfway sure I got it clean there is data I would like to pull off of it, nothing critical, but some useful things.

I know, I should have it backed up but we are talking like maybe a dozen bookmarks that I could find again with couple days of work if I ever do need them, & some project Gutenberg books that I have on my Blackberry anyway but have been to lazy to download again on laptop or transfer from Blackberry to my laptop (I wish smartphones had USB 3!!!).

Anyway I though some of my readers would find this tool useful, you can put it on a DVD/USB and then boot with Windows Defender Offline, it will load ahead of the root kits during the boot from what I understand ( I am not a hard core computer nerd).

I as well as many others are looking forward to Diablo III, which releases in less than 4 hours from now (in NA), I figured I would post some links to help anyone having trouble with the install tonight or in the future.

Feel free to post helpful links or information in the comments section.

Thanks to Stephano, many more Zerg are starting to use Spines as part of their build, something I have suggested for a long time, Spines are far more useful than banking thousands of minerals IMO.

I do wish, specifically against Protoss that Zerg would make more Spores, they do a lot to deny Protoss free map hacks via Observers!!!

I think 1 or 2 Spores for every clump of Spines is good.

Another Key point to consider for late game Zerg, is to make more Macro Hatches, specially forward ones like Stephano has toyed with, if you use them to make units, a Hatch with no injection will produce ~4 Larva a minute (ie 1 every 15 seconds).

So 3 Hatches will cost 900 Minerals and without Injects will produce 12 Larva/minute vs 2 Hatches + 2 Queens that cost 900 Minerals and with Injects will provide ~12 Larva a minute.

So if you make more Macro hatches you will have more Larva after big fights when you miss injects, plus if you have 2-3 hatches near each Queen, if you miss Injects, the Queen can burn her extra energy by injecting all the Hatches next to her.

Additionally the Hatch provides some supply, and has a lot more HP than either Ovie or Queen, and counts as a building for base races.

Friday, May 11, 2012

For my readers in UK & EU, you might want to go to this event, in their own words this "show is the only UK video games expo which caters for every aspect of
video games – from console, PC and mobile to classic gaming including
arcade and pinball right through to pro gaming/eSports and even cosplay."

To see list of all Pro Gamers Playlists I have posted click playlist, that link can be found at bottom left of this post, and in the Label cloud at left side of Blog.

I have not figured out a good way to have cross reference search engine in the blog itself yet (google widget for Blog doesn't work as good as main Google?!?), but my blog is well crawled by Google so you can cut and past Cliff's Esports Corner Playlist in Google. Then add WhiteRa, Catz, Stephano, Drewbie, TLO, etc to get a list of Playlists I have posted of that specific player.

Though Computer Security is multi faceted, one important aspect is knowing about new problems, so you can find and implement work arounds or temporary fixes until the weakness is patched.

Sometimes no security patch or updates will be issued, or they may not be released for months [Cough Mac, Flash, Cough].

Sometimes there are technical reasons for those delays, and sometimes other reasons, doesn't really matter to us, still have to deal with the problem.

I follow several blogs & podcasts to stay on top of issues.

One of my favorites, a weekly podcast, is the Security Now podcast I have mentioned before, I am not a hard core computer nerd, but this podcast provides good enough explanations of security issues, without dumbing down, that I can keep improving my knowledge base on the topic.

For daily, or as it happens, updates I follow several blogs, here is a partial list, I would welcome suggestions for more to follow,